Vulnerability ID 5655

Linux Kernel up to nf_conntrack_reasm.c nf_ct_frag6_reasm() denial of service

CVSSv3 Temp ScoreCurrent Exploit Price (≈)

A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function nf_ct_frag6_reasm() of the file net/ipv6/netfilter/nf_conntrack_reasm.c. The manipulation with an unknown input leads to a denial of service vulnerability. This is going to have an impact on availability.

The issue has been introduced in 02/24/2010. The weakness was published 07/10/2012 with Beyond Security's SecuriTeam Secure Disclosure as RHSA-2012:1064-2 as advisory (Red Hat Security Advisory). The advisory is shared for download at This vulnerability is uniquely identified as CVE-2012-2744 since 05/14/2012. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability was handled as a non-public zero-day exploit for at least 867 days. During that time the estimated underground price was around $5k-$10k. The vulnerability scanner Nessus provides a plugin with the ID 68575 (Oracle Linux 6 : kernel (ELSA-2012-1064)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Oracle Linux Local Security Checks and relying on port 0.

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at SecurityFocus (BID 54367), Secunia (SA49778) and Vulnerability Center (SBV-35533). See 5656 for similar entries.


Base Score: 7.5 [?]
Temp Score: 7.2 [?]
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:O/RC:X [?]
Reliability: High


Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) [?]
Temp Score: 6.8 (CVSS2#E:ND/RL:OF/RC:ND) [?]
Reliability: High




Class: Denial of service
Local: No
Remote: Yes

Availability: No

Current Price Estimation: $5k-$10k (0-day) / $0-$1k (Today)


Nessus ID: 68575
Nessus Name: Oracle Linux 6 : kernel (ELSA-2012-1064)
Nessus File: centos_RHSA-2012-1064.nasl
Nessus Family: Oracle Linux Local Security Checks
Nessus Port: 0
OpenVAS ID: 881073
OpenVAS Name: CentOS Update for kernel CESA-2012:1064 centos6
OpenVAS File: gb_CESA-2012_1064_kernel_centos6.nasl
OpenVAS Family: CentOS Local Security Checks


Recommended: Patch
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 867 days since found
Exposure Time: 0 days since known
ISS Proventia IPS: 2104116


02/24/2010 Vulnerability introduced
05/14/2012 +810 days CVE assigned
07/10/2012 +57 days Advisory disclosed
07/10/2012 +0 days Countermeasure disclosed
07/10/2012 +0 days OSVDB entry created
07/10/2012 +0 days VulnerabilityCenter entry assigned
07/11/2012 +1 days VulnerabilityCenter entry created
07/19/2012 +8 days VulDB entry created
08/09/2012 +21 days NVD disclosed
07/12/2013 +337 days Nessus plugin released
06/22/2015 +710 days VulnerabilityCenter entry updated
07/08/2015 +17 days VulDB entry updated


Advisory: RHSA-2012:1064-2
Organization: Beyond Security's SecuriTeam Secure Disclosure

CVE: CVE-2012-2744 ( ( (

SecurityFocus: 54367
Secunia: 49778 - Red Hat update for kernel, Moderately Critical
Vulnerability Center: 35533 - Linux Kernel Netfilter IPv6 Null Pointer Dereference Error Allows Remote DoS, High
OSVDB: 83665

See also: 5656


Created: 07/19/2012
Updated: 07/08/2015
Entry: 88.9% complete